<%@page import="java.sql.*"%>
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%
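// Password-change handler: verifies the (username, old password) pair against
// the blackjuly table and, if it matches, stores the new password.
//
// Security fix: all three request parameters are attacker-controlled and were
// previously concatenated into the SQL text. The only guard was a quote
// blacklist on username that did not cover every position and never looked at
// the password fields. Values are now bound as parameters, so they cannot
// change the structure of the statement and no blacklist is required.
String username = request.getParameter("username");
String olduserpwd = request.getParameter("olduserpwd");
String newuserpwd = request.getParameter("newuserpwd");

// getParameter returns null for an absent field. Without this check a missing
// username threw a NullPointerException and a missing new password would have
// been stored as the literal text "null".
if (username == null || olduserpwd == null || newuserpwd == null) {
	response.setHeader("refresh", "3;URL=Edit.html");
	out.println("参数不完整！");
	return;
}

Class.forName("com.mysql.jdbc.Driver");

Connection conn = null;
PreparedStatement lookup = null;
PreparedStatement update = null;
ResultSet rs1 = null;
try {
	// NOTE(review): the page connects as root with a hard-coded password.
	// Move the credentials to server-side configuration (e.g. a container
	// DataSource) and use an account limited to this table.
	conn = DriverManager.getConnection("jdbc:mysql://127.0.0.1:3306/test","root","123456");

	// NOTE(review): passwords are compared and stored as plaintext. They
	// should be kept as salted hashes (bcrypt/scrypt/argon2) and verified in
	// application code; that needs a schema change outside this page.
	lookup = conn.prepareStatement("select 1 from blackjuly where name=? and password=?");
	lookup.setString(1, username);
	lookup.setString(2, olduserpwd);
	rs1 = lookup.executeQuery();
	if (!rs1.next()) {
		response.setHeader("refresh", "3;URL=Edit.html");
		out.println("没有此用户，或者用户不存在！");
		return;
	}

	if (olduserpwd.equals(newuserpwd)) {
		response.setHeader("refresh", "3;URL=Edit.html");
		out.println("不能输入两次相同的密码！");
		return;
	}

	update = conn.prepareStatement("update blackjuly set password = ? where name=? and password=?");
	update.setString(1, newuserpwd);
	update.setString(2, username);
	update.setString(3, olduserpwd);
	int rs = update.executeUpdate();

	// The row can disappear or change between the lookup and the update;
	// only report success when a row was actually modified.
	if (rs == 0) {
		response.setHeader("refresh", "3;URL=Edit.html");
		out.println("没有此用户，或者用户不存在！");
		return;
	}
	out.println("修改成功");
} finally {
	// Release JDBC resources on every exit path (the original leaked the
	// connection on each request). Close failures are ignored so they do not
	// mask an exception thrown by the main path.
	if (rs1 != null) { try { rs1.close(); } catch (SQLException ignored) { } }
	if (lookup != null) { try { lookup.close(); } catch (SQLException ignored) { } }
	if (update != null) { try { update.close(); } catch (SQLException ignored) { } }
	if (conn != null) { try { conn.close(); } catch (SQLException ignored) { } }
}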
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <title>修改</title>
  </head>
  <body>
  </body>
</html>